Shulou(Shulou.com)06/01 Report--

How to carry out IdentityServer4 RSA certificate encryption, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

IdentityServer4 provides two certificate encryption configurations by default:

Services.AddIdentityServer () .AddDeveloperSigningCredential () .AddTemporarySigningCredential ()

These two certificate encryption methods are used temporarily. Each time the project is restarted, a new certificate will be generated again, which will lead to a problem. The access_token generated before restart will no longer be applicable after restart, because the corresponding encryption method has changed because the certificate has changed. Therefore, the following problem will occur:

Error message:

Www-Authenticate:Bearer error= "invalid_token", error_description= "The signature key was not found"

The solution is to always use a certificate. Let's configure it like this:

Services.AddIdentityServer () .AddDeveloperSigningCredential ()

You can check the AddDeveloperSigningCredential implementation source code and start the project. IdentityServer4 will generate a tempkey.rsa certificate file in the project directory:

{"KeyId": "4e1765de45ef639261115198826dfea7", "Parameters": {"D": "FnB7kIinBgoZDaRqIrRQHEF45FBF9amOrTn8oFdmsxPqJbh21bHeCw11AtCCC4p1mm750onDXeP+yoBHymr/wNn40VmGdhR4hnObHhhw5pyQKECIS41DFDatCZif9uhDgHsOvYHMRVNSapDFoDUvbTE6t7rv4prn2fDt5mzRD9AqdT2HyTcwa/H1haaZNwmy3UevYYy8ya4kKXvjRo6+O7BMBh+yBvHgezQ57Ye/NfZfDMITs4djbqELrYVXCTMltNsWWhQtS62cqvKboxoiXfSm67u/li5Fdusc5Z2zsyt5rE/V8h/ffBvS9N9v0VoDTdFqLYkuul0DvTZ/pqXtMQ==", "DP": "XQDf46csbwu/xX+jwo5VQQ8sKVlVBLuxSNTAbNS6O/aCg9eEjZ58EJ712JgqqORcDMg5JRejN3Zxxoij4roJogyvvw6QSws/H+UTmtuuudgT59OB1TyNGihMVSTLXaw4Kgdj8D8IK8v0okdFEpYugzIIFe1yl0lSzR7fkF+NKC0=", "DQ": "4TvT9ujJ38sTluz0dUSIUD3NCWJOMDKOB/cL3RaDyMf/MTSxNFfWDuuW55F2P8mncHhqLuANcg2l3h8xom+1ucn+ve45JNoWja4fpWQ16rmijPc5yKRe0uAGEaXJiTAEvIxXG18zvNA8Fab+L2X1h+1r35ZLZFYj+EyhkqQ7u5k=", "Exponent": "AQAB", "InverseQ": "nTAEt8v+DlAn6h7Z1Ey1x4Z56OfOmCvY01nte4f3OuSmBXoEaTSoGsXScweAMoSGb0aOG1qpvErtY+JykREeLJxvm4P3DAHL5lJWvDKPvCWJOD9jfzhBUyIhCoqQ8EIHjFxBNKyNefAsVuKdH6R+ApuhpF8XVhR59zLawUQWLEg=", "Modulus": "43j4tvNZy7IxuiDwZzWv9KiS5kSYIeBqEvQ7zkQmRT3IEsseiTv698iQx8qn+de8FeGFEa8O6igFU2VXqFyWJilTuPmeBPJxIMCqfxdxF+96giVSpN4rOFaH/V+IPNTQoYCLFwcUR2saFywUeKWpsRFhQCymsFIk3AlWu7jcqgKHrELsJpn5KVmedb6JZcVKMIfTrcY6hWQz2JNEhTOEI10ZVZ7ueEp2Q2+1/udvp47wPMhzriXJTFP7Y4ozU2THbuwIqCXM5DNBGUpEug0vlCAhwn6nvAo8e9fT0lpUzTd2T8wWzwuHkAgyjB0XTzSYR1fMJIKH1zDs25RqmlepgQ==", "P": "9lGtQw9yXz4nbepESFDxAMfDlmiI9Gj3Q3FecKIgGVVi9WVr19lzBcszhszhsVybA8n1OyPXHdOyuSWOiVp69ibo5OXLL4iWzY1VOouXeZrYimxNPvVKKlRf8AsVcv3nUniverse FEhwY9gnQm4PZYUGw96WZ5Z5Zgovernment CWJ9xTORg54Wh79hk0 =", "Q": "7Gmrbase 43bMpictures 9W4YghtNh4etTuTR1M5uBXXXdUl6wSm2ecCBVxVXX0YY0MprS0MZOS4GTP3Tt3Yt

Code execution in AddDeveloperSigningCredential first determines whether the tempkey.rsa certificate file exists, if not, creates a new tempkey.rsa certificate file, and uses this certificate file if it does.

So, when we configure, pass a tempkey.rsa certificate file name, and it's fine:

Services.AddIdentityServer () .AddDeveloperSigningCredential ("tempkey.rsa")

Of course, you can also rename the tempkey.rsa certificate file.

After reading the above, have you mastered how to encrypt IdentityServer4 RSA certificates? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.